CNNVD-202510-3780 Information

CNNVD ID

CNNVD-202510-3780

CVE-2025-40843

  • CNNVD Published: 2025-10-28

Description (Chinese)

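CodeChecker is an analysis tool, defect database and viewer extension for Clang Static Analyzer and Clang Tidy, open-sourced by Ericsson. CodeChecker 6.26.1 and earlier versions contain a security vulnerability that stems from a buffer overflow in the internal ldlogger library.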

Description (English)

CodeChecker is Ericsson's open-source analysis tool, defect database and viewer extension for Clang Static Analyzer and Clang Tidy. CodeChecker 6.26.1 and earlier versions have a security vulnerability caused by a buffer overflow in the internal ldlogger library.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Ericsson

Published

2025-10-28

Last Modified

2026-02-24

References

https://github.com/Ericsson/codechecker/security/advisories/GHSA-5xf2-f6ch-6p8r

https://access.redhat.com/security/cve/cve-2025-40843

Patch

https://github.com/Ericsson/codechecker/releases
